We outline below our standard terms and conditions which apply to the provision of the Services described in the Letter of Engagement. These documents collectively constitute a legally binding agreement between us.
We are Leyton Benelux S.A., a company incorporated under Belgian law with its registered office at Chaussée de la Hulpe 166 in Brussels, and with its Dutch operating headquarters at Papendorpseweg 95, 3528 BJ Utrecht, registered with the Dutch Chamber of Commerce under number 70369208 and duly represented by Alexandre GANGJI, CEO Leyton Benelux. Leyton shall be referred to hereunder as “we”, “our” or “us”. You are named in the Letter of Engagement and shall be referred to hereunder as “you” or “your”. Collectively you and us may be referred to as “the Parties”.
If you are unsure as to the legal implications of this agreement you should seek your own independent legal advice. In agreeing to these terms, you are acknowledging that you have not been induced into entering into this agreement by advice from us regarding its implications or your obligations hereunder”.
The Client shall provide Leyton with any and all information, data and documents necessary to perform the Services.
Each Party shall keep any and all information or documents received from the other Party confidential and shall therefore not disclose it to any third party without such other Party’s prior written consent. Notwithstanding the above, the Client hereby authorizes Leyton to indicate in its marketing materials, no reporting, the existence of its relationship with the Client as well as the type of services that are the subject of this Agreement.
LEYTON shall provide the Client with recommendations upon completion of the audit. LEYTON acknowledges and agrees that the Client shall be free to implement each such recommendation. In case the client refuses to implement one or more recommendations, the Client undertakes not to implement it for a three (3)-year period upon expiration of this Agreement. The Client may, however, change its position at any time within the three (3)-year period in question in which case it shall inform LEYTON thereof and LEYTON shall be entitled to charge the Services in accordance with this Agreement. If the Client decides to implement the recommendations, it shall do so with the assistance of LEYTON up till realization of the Savings. In case of disagreement expressed in writing by the administration, the Client and LEYTON shall agree in good faith on the best course of action for the file.
For services rendered by Leyton, leading to a successful application as confirmed by the Rijksdienst voor Ondernemend Nederland (RVO.nl), Leyton shall an invoice based on the agreed fee (mixed and/or succesfee). The amounts invoiced by Leyton are payable 30 days after reception. In case of late Payment, Leyton shall be entitled, without any prior notification or legal action, to a late payment interest at the rate set forth in the European Directive (2011/7/EU) which is implemented since March 16, 2013 relating to the fight against late payment in commercial transactions.
For the avoidance of any doubt, the Client represents and warrants that there is no competing audit in relation to the Services, whether such audit is conducted in-house or by a third party. Therefore, any and all Savings in relation to the Services are deemed to arise from the work of LEYTON within the context of this Agreement, except for any Savings disclosed in writing by the Client on, or before, the signature of this Agreement.
With regard to the personal data for which it is responsible and in particular those to which LEYTON may have access in connection with the performance of the services, the Client is required to take all necessary precautions with regard to the character of the data and the risks presented by the processing, to preserve the security of the data and, in particular, to prevent the data from being distorted, damaged or that an unauthorised third party gains access to such data.
In the event that the services entrusted by the Client to LEYTON includes the processing of personal data on behalf of the Client, it shall be the responsibility of the Client to ensure that the measures for security and confidentiality offered by LEYTON are in accordance with the level of care that the Client must take with regard to its obligation for the security of the personal data for which it is responsible and that the guarantees presented by LEYTON to this effect are sufficient.
In this context, LEYTON may only act on the written instruction of the Client and undertakes, unless instructed to the contrary by the Client:
The Parties agree to define the concept of a written instruction as being acquired when LEYTON acts in the context of the performance of this agreement.
The European regulation concerning the protection of personal data (hereafter the “GDPR” or the General Data Protection Regulation) which is in force establishes a system of responsibility and transparency for the administrations, which assumes taking into account the processing of data from the beginning of putting in place a service or a product. The information of the data subjects concerned by the collection is reinforced, new levels of rights appear, such as the right to the limitation of processing or the portability of the data.
The Parties thus agreed to define in PROTECTION OF PERSONAL DATA hereof the necessary mechanism for security and protection that will be put in place in order to ensure compliance with the GDPR.
LEYTON shall use its best effort to perform the Services in accordance with the applicable state-of-the-art. It is expressly agreed that the obligation of LEYTON is an obligation of conduct and not an obligation of results. In case the Savings realized by the Client are to be reimbursed, LEYTON shall refund the fees paid by the Client pro rata to the amount of Savings to be reimbursed, till a maximum of 50% (first invoice). Except in case of willful intent, LEYTON’s liability as a result of, or in relation to, this Agreement shall not exceed the amount of the fee set forth in Article 3 hereof. LEYTON shall not be held liable for any loss of profit/income, loss of business, indirect, special, ancillary or consequential damages or for any replacement costs, regardless of the legal ground thereof.
This Agreement shall be governed by and construed in accordance with Dutch law. Each Party irrevocably submits to the exclusive jurisdiction of the courts of Utrecht, the Netherlands over any claim or matter arising under or in connection with this Agreement.
This annex is an integral part of the agreement and serves as a written agreement for the processing of data between LEYTON, the sub-contractor for the personal data, and its Client, the processing controller which provides the personal data in the context of the services by LEYTON.
The annex defines the technical measures and the organisation connected with the security that LEYTON puts in place in order to protect the personal data to which it has access.
The Client, as the data controller, and LEYTON, as the sub-contractor, have consequently taken the following provisions:
In the context of the agreement between the parties, the data controller shall have reason to use the personal data, including certain data of a sensitive nature.
LEYTON shall be called on in its capacity as sub-contractor, to intervene with regard to these same data in the context of the service described in the Agreement.
Objective, nature and purpose of the processing in the context of the Agreement
The objective and exclusive purpose of the processing of the personal data is:
In accordance with the provisions of the Agreement, the processing is realised with the goal of analysing in general the employer social security contributions and requires:
Duration
The duration of the specific processing is limited to the duration for performing the administrative processing action for absences, namely 3 years.
Type of personal data processed
The personal data processed in the context of the agreement in question concern the following categories of data:
Certain of these data are considered to be sensitive considering the character of their content.
Categories of data subjects
The personal data concern the following categories of persons: Employees of the Client
With regard to the character of the data processed and their potential use, the Client guarantees that it shall comply with its obligations in terms of information for the persons whose personal data will be subject to processing in the context of the agreement, as well as the legality of the processing that it performs.
In its capacity as sub-contractor for the personal data, LEYTON undertakes to take all of the appropriate measures necessary for it and for its personnel to comply with these obligations and in particular:
LEYTON undertakes moreover to implement at the Client’s request the resources and measures that are appropriate and reasonable in order to assist the Client to:
Any request for assistance to the Client that requires the mobilisation of means, resources or measures that are not reasonable shall constitute an additional service that is invoiced on the basis of the time spent and which, before being performed, shall be subject to an estimate that must be accepted by the Client.
LEYTON acknowledges and accepts that it may only act in terms of the processing of the data and the files to which it may have access in accordance with the terms hereof and the Agreement.
With regard to the type of data and the risks presented by the processing, and considering the state of knowledge, the cost for implementing and the character, scope, context and purposes for the processing as well as the risks for the rights and liberties of physical persons, LEYTON undertakes to take all measures necessary in order to preserve the security of the data and the files, and in particular to prevent any distortion, alteration, damage, destruction, either accidentally or illicitly, any loss, disclosure and/or any access by a third party which is not authorised in advance.
Consequently, LEYTON shall implement appropriate technical and organisational measures in order to preserve a level adapted to the security of the data, with regard to the character of the data and the risks presented by the processing, and in particular, to prevent them from being distorted or damaged, and to prevent any access that may not have been authorised in advance by the Client.
The means put in place by LEYTON intended to ensure the security and the confidentiality of the data are defined below:
LEYTON undertakes to notify the Client as soon as possible after becoming aware of any violation of any personal data, or any violation of the security causing, either accidentally or illicitly, the destruction, loss, alteration, or unauthorised disclosure of personal data transmitted, retained or processed in any other manner, or the unauthorised access to such data when they may cause harm to the rights of the data subjects.
This notification must be sent to the Client by electronic mail. It must, to the extent possible, specify the character and the consequences of the violation of the data as well as the measures already taken or those that are proposed in order to remedy the situation.
LEYTON undertakes to collaborate with the Client in order to be able to meet its obligations in terms of notification of the supervisory authorities as well as, if necessary, the data subject.
Additional services of assistance, such as analysis or investigative services concerning the origin and the consequences of the violation of the data, may be realised by LEYTON at the request of the Client, after validation of an estimate or an order. They are invoiced on the basis of the time spent.
The Client, acting, as the case may be, on behalf of its affiliated companies, authorises LEYTON to engage sub-contractors in the sense of the regulations on computer information and liberties for the processing of personal data.
The list of the sub-contractors, in the sense of the regulations on computer information and liberties (hereafter, the “subsequent sub-contractors”) is the following:
LEYTON may revoke, replace or appoint subsequent sub-contractors subject to the following provisions:
When its subsequent sub-contractors do not meet their obligations in terms of data protection, LEYTON shall remain fully responsible before the Client for the performance of their obligations by the subsequent sub-contractors.
In the event of the transfer of personal data to a third party country which does not belong to the European Union, LEYTON must obtain the prior written consent of the Client. If this consent is given, LEYTON undertakes to cooperate with the Client in order to ensure:
LEYTON shall keep up to date a registry of the processing activities carried out on behalf of the Client.
Under the terms of the Agreement, and unless provided expressly to the contrary by the law of the European Union or the law of a Member State of the European Union applicable to the processing that is the subject of this Agreement, LEYTON undertakes to destroy all of the physical or computer files which store the collected information.
In the event that the law of the European Union or the law of a Member State requires the retention of the personal data, LEYTON shall inform the Client of this obligation and shall than erase the data within 1 week.
An additional service of reversibility may be sought by the Client in accordance with the provisions of the Agreement
LEYTON undertakes to collaborate in a reasonable manner and to provide to the Client all of the information necessary in order to:
The costs associated with these audits, including the costs for mobilising the resources of LEYTON, shall be directly borne by the Client, on the basis of the time spent.
Unless indicated to the contrary in the mandatory applicable data protection law, an audit carried out by the Client must observe the following conditions: